Jančar's formal system for deciding bisimulation of first-order grammars

and its non-soundness.

by Géraud Sénizergues
LaBRI and Université de Bordeaux 1

Abstract: We construct an example of proof within the main formal system from [Jan10], which is intended to capture the bisimulation equivalence for non-deterministic first-order grammars, and show that its conclusion is semantically false. We then locate and analyze the flawed argument in the soundness (meta-)proof of [Jan10].
Keywords: first-order grammars; bisimulation problem; formal proof systems.
1 The grammar

We consider the alphabet of actions $\mathcal{A}$, an intermediate alphabet of labels $\mathcal{T}$ and a map $\mathrm{LAB}_{\mathcal{A}} : \mathcal{T} \to \mathcal{A}$ defined by:

$\mathcal{T} := \{x, y, z, \ell_1\}$, $\mathcal{A} := \{a, b, \ell_1\}$, and

$\mathrm{LAB}_{\mathcal{A}} : x \mapsto a,\ y \mapsto a,\ z \mapsto b,\ \ell_1 \mapsto \ell_1$.

(These intermediate objects $\mathcal{T}$, $\mathrm{LAB}_{\mathcal{A}}$ will ease the definition of ACT below.) We define a first-order grammar $\mathcal{G} = (\mathcal{N}, \mathcal{A}, \mathcal{R})$ by:

$\mathcal{N} := \{A, A', A'', B, B', B'', C, D, E, L_1\}$
and the set of rules $\mathcal{R}$ consists of the following:

$A(v) \xrightarrow{y} C(v)$ (1)
$A(v) \xrightarrow{x} A'(v)$ (2)
$B(v) \xrightarrow{x} C(v)$ (3)
$B(v) \xrightarrow{y} B'(v)$ (4)
$C(v) \xrightarrow{x} D(v)$ (5)
$C(v) \xrightarrow{y} E(v)$ (6)
$A'(v) \xrightarrow{x} A''(v)$ (7)
$B'(v) \xrightarrow{x} B''(v)$ (8)
$A''(v) \xrightarrow{x} D(v)$ (9)
$B''(v) \xrightarrow{x} E(v)$ (10)
$D(v) \xrightarrow{x} v$ (11)
$E(v) \xrightarrow{x} v$ (12)
$E(v) \xrightarrow{z} v$ (13)
$L_1 \xrightarrow{\ell_1} \bot$ (14)

Let us name rule $r_i$ (for $1 \le i \le 14$) the rule appearing in position $i$ in the above list. We define a map $\mathrm{LAB}_{\mathcal{T}} : \mathcal{R} \to \mathcal{T}$ by: $\mathrm{LAB}_{\mathcal{T}}(r_i)$ is the terminal letter used by the rule $r_i$. Subsequently we define $\mathrm{ACT}(r_i) := \mathrm{LAB}_{\mathcal{A}}(\mathrm{LAB}_{\mathcal{T}}(r_i))$. Namely, ACT maps all the rules $r_1, \ldots, r_{12}$ onto $a$, $r_{13}$ onto $b$ and $r_{14}$ onto $\ell_1$.

2 The formal system

We consider the formal systems $\mathcal{J}(T_0, T'_0, S_0, \mathcal{B})$ defined on page 22 of [Jan10], which are intended to be sound and complete for the bisimulation problem for non-deterministic first-order grammars. Let us denote by $\mathbf{T}$ the set of all terms over the ranked alphabet $\mathcal{N} \cup \{L_i \mid i \in \mathbb{N}\} \cup \{\bot\}$ (here the symbols $L_i$ have arity 0).

2.1 Prefixes of strategies

The notion of finite prefix of a D-strategy is mentioned on p. 23, line 11. We assume it has the following meaning.

Definition 1. Let $T, T' \in \mathbf{T}$. A finite prefix of a D-strategy w.r.t. $(T, T')$ is a subset $S \subseteq (\mathcal{R} \times \mathcal{R})^*$ of the form

$S = S' \cap (\mathcal{R} \times \mathcal{R})^{\le n}$

for some $n \in \mathbb{N}$ and some D-strategy $S'$ w.r.t. $(T, T')$.

In order to make clear that the above notion is effective, we consider the following notion of D-q-strategy (Defender's quasi-strategy).

Definition 2. Let $T, T' \in \mathbf{T}$. A D-q-strategy w.r.t. $(T, T')$ is a subset $S \subseteq (\mathcal{R} \times \mathcal{R})^*$ such that:

DQ1: $(\varepsilon, \varepsilon) \in S$
DQ2: $S$ is prefix-closed
DQ3: $S \subseteq \mathrm{PLAYS}(T, T')$
DQ4: $\forall \alpha \in S$,
either $\alpha \backslash S = \{(\varepsilon, \varepsilon)\}$
or $\mathrm{NEXT}((T, T'), \alpha) \notin \sim_1$
or [$\mathrm{NEXT}((T, T'), \alpha) \in \sim_1$ and the set $\{(\pi, \pi') \in \mathcal{R} \times \mathcal{R} \mid \alpha \cdot (\pi, \pi') \in S\}$ is full for $\mathrm{NEXT}((T, T'), \alpha)$].

Note that a D-strategy is a D-q-strategy where condition DQ4 is replaced by:
DQ'4: $\forall \alpha \in S$,
$\mathrm{NEXT}((T, T'), \alpha) \notin \sim_1$
or [$\mathrm{NEXT}((T, T'), \alpha) \in \sim_1$ and the set $\{(\pi, \pi') \in \mathcal{R} \times \mathcal{R} \mid \alpha \cdot (\pi, \pi') \in S\}$ is full for $\mathrm{NEXT}((T, T'), \alpha)$].
A winning D-strategy is a D-q-strategy where condition DQ4 is replaced by:
DQ''4: $\forall \alpha \in S$,
$\mathrm{NEXT}((T, T'), \alpha) \in \sim_1$ and the set $\{(\pi, \pi') \in \mathcal{R} \times \mathcal{R} \mid \alpha \cdot (\pi, \pi') \in S\}$ is full for $\mathrm{NEXT}((T, T'), \alpha)$.

Lemma 1. Every finite prefix of a strategy is a D-q-strategy.
Proof: Let $S'$ be a D-strategy w.r.t. $(T, T')$ and

$S = S' \cap (\mathcal{R} \times \mathcal{R})^{\le n}$

for some $n \in \mathbb{N}$.

DQ1: Since $S'$ is non-empty and prefix-closed, $(\varepsilon, \varepsilon) \in S'$, hence $(\varepsilon, \varepsilon) \in S' \cap (\mathcal{R} \times \mathcal{R})^{\le n}$.
DQ2: $S'$ and $(\mathcal{R} \times \mathcal{R})^{\le n}$ are both prefix-closed, hence their intersection is also prefix-closed.
DQ3: $S' \subseteq \mathrm{PLAYS}(T, T')$ and $S \subseteq S'$, hence $S \subseteq \mathrm{PLAYS}(T, T')$.
DQ4: $\forall \alpha \in S'$,
$\mathrm{NEXT}((T, T'), \alpha) \notin \sim_1$
or [$\mathrm{NEXT}((T, T'), \alpha) \in \sim_1$ and the set $\{(\pi, \pi') \in \mathcal{R} \times \mathcal{R} \mid \alpha \cdot (\pi, \pi') \in S'\}$ is full for $\mathrm{NEXT}((T, T'), \alpha)$].
If $|\alpha| < n$, the above property holds in $S$. If $|\alpha| = n$, the property $\alpha \backslash S = \{(\varepsilon, \varepsilon)\}$ holds. In all cases DQ4 is fulfilled.

□

Definition 3. We define the extension ordering over $\mathcal{P}((\mathcal{R} \times \mathcal{R})^*)$ as follows: for every $S_1, S_2 \in \mathcal{P}((\mathcal{R} \times \mathcal{R})^*)$, $S_1 \sqsubseteq S_2$ iff the two conditions below hold:
E1: $S_1 \subseteq S_2$
E2: $\forall \alpha \in S_2 - S_1$, $\exists \beta \in S_1$ which is maximal in $S_1$ for the prefix ordering and such that $\beta \prec \alpha$.

Lemma 2. Let $T, T' \in \mathbf{T}$. The extension ordering over the set of all D-q-strategies w.r.t. $(T, T')$ is inductive.

Proof: We recall that a partial order $\le$ over a set $E$ is inductive iff every totally ordered subset of $E$ has some upper bound.

One can check that, if $P$ is a set of D-q-strategies w.r.t. $(T, T')$ which is totally ordered by $\sqsubseteq$, then the set

$S := \bigcup_{s \in P} s$

is still a D-q-strategy and fulfills:

$\forall s \in P,\ s \sqsubseteq S$.

Hence the extension ordering over the set of D-q-strategies w.r.t. $(T, T')$ is inductive. □

Lemma 3. Let $S \subseteq (\mathcal{R} \times \mathcal{R})^*$ be finite and let $n := \max\{|\alpha| \mid \alpha \in S\}$.
$S$ is a finite prefix of a D-strategy w.r.t. $(T, T')$ iff

(1) $S$ is a D-q-strategy w.r.t. $(T, T')$

(2) $\forall \beta \in S$, $\beta \backslash S = \{(\varepsilon, \varepsilon)\} \Rightarrow (|\beta| = n$ or $\mathrm{NEXT}((T, T'), \beta) \notin \sim_1)$

Proof: Direct implication:

Let $S'$ be a D-strategy w.r.t. $(T, T')$ and

$S = S' \cap (\mathcal{R} \times \mathcal{R})^{\le n}$

for some $n \in \mathbb{N}$.

1- By Lemma 1, $S$ is a D-q-strategy w.r.t. $(T, T')$.

2- Suppose that $\beta \in S$, $\beta \backslash S = \{(\varepsilon, \varepsilon)\}$ and $|\beta| < n$. Then $\beta \backslash S' = \{(\varepsilon, \varepsilon)\}$ too. Since $S'$ is a D-strategy w.r.t. $(T, T')$, this implies that $\mathrm{NEXT}((T, T'), \beta) \notin \sim_1$.

Converse:

Suppose that $S$ fulfills conditions (1)(2). By Lemma 2, Zorn's lemma applies on the set of D-q-strategies w.r.t. $(T, T')$: there exists a maximal D-q-strategy $S'$ (for the extension ordering) such that $S \sqsubseteq S'$. Since $S'$ is maximal, if $\alpha \in S'$ and $\alpha \backslash S' = \{(\varepsilon, \varepsilon)\}$, then $\mathrm{NEXT}((T, T'), \alpha) \notin \sim_1$. Thus, instead of the weak property DQ4, $S'$ fulfills the property:

$\forall \alpha \in S'$, $\mathrm{NEXT}((T, T'), \alpha) \notin \sim_1$ or

[$\mathrm{NEXT}((T, T'), \alpha) \in \sim_1$ and $\{(\pi, \pi') \in \mathcal{R} \times \mathcal{R} \mid \alpha \cdot (\pi, \pi') \in S'\}$ is full for $\mathrm{NEXT}((T, T'), \alpha)$].

Hence $S'$ is a strategy w.r.t. $(T, T')$.
Clearly

$S \subseteq S' \cap (\mathcal{R} \times \mathcal{R})^{\le n}$.

Let us prove the reverse inclusion.

Let $\alpha \in S' \cap (\mathcal{R} \times \mathcal{R})^{\le n}$. Let $\beta$ be the longest word in $\mathrm{PREF}(\alpha) \cap S$.
If $\beta = \alpha$, then $\alpha \in S$, as required.

Otherwise $\alpha \in S' - S$. By condition E2 of Definition 3, there exists some $\beta \in S$ which is maximal in $S$ for the prefix ordering and such that

$\beta \prec \alpha$.

Maximality of $\beta$ implies, by condition (2) of the lemma, that

$|\beta| = n$ or $\mathrm{NEXT}((T, T'), \beta) \notin \sim_1$.

Since $\beta \prec \alpha$ we are sure that $|\beta| < n$, so that

$\mathrm{NEXT}((T, T'), \beta) \notin \sim_1$.

This last statement contradicts the fact that $\beta \backslash S'$ is a D-strategy w.r.t. $\mathrm{NEXT}((T, T'), \beta)$ which is not reduced to $\{(\varepsilon, \varepsilon)\}$ (since it possesses $\beta^{-1}\alpha$).
We can conclude that $\alpha \in S$. Finally:

$S = S' \cap (\mathcal{R} \times \mathcal{R})^{\le n}$.
□



Lemma 4. Let $T, T' \in \mathbf{T}$ and let $S \subseteq (\mathcal{R} \times \mathcal{R})^*$ be finite. One can check whether $S$ is a finite prefix of a D-strategy w.r.t. $(T, T')$.

This follows immediately from the characterisation given by Lemma 3.

2.2 Formal systems

For every $T_0, T'_0 \in \mathbf{T}$, $S_0$ finite prefix of strategy w.r.t. $(T_0, T'_0)$ and finite $\mathcal{B} \subseteq \mathbf{T} \times \mathbf{T}$, a formal system

$\mathcal{J}(T_0, T'_0, S_0, \mathcal{B})$

is defined. The set of judgments is the same for all the systems. But the axiom and one rule (namely R7) depend on the parameters $(T_0, T'_0, S_0, \mathcal{B})$.

2.3 Judgments

A judgment has one of the three forms:
FORM 1:

$m \models (T, T', S)$

where $m \in \mathbb{N}$, $T, T' \in \mathbf{T}$ are regular terms and $S$ is a finite prefix of a strategy w.r.t. $(T, T')$ (D-strategies are defined p. 20, lines 27-30; finite prefixes are mentioned, though in a fuzzy way, at p. 23, line 11; we shall apply here Definition 1).
FORM 2:

$m \models (T, T', S) \leadsto \alpha \models (T_1, T'_1, S_1)$

where $m \in \mathbb{N}$, $(T, T', S)$ and $(T_1, T'_1, S_1)$ fulfil the above conditions, $\alpha \in S$ and $\alpha \backslash S = S_1$.
FORM 3:

$m \models (T, T', S) \leadsto \alpha \models \mathrm{SUCC}$

where $m \in \mathbb{N}$, $(T, T', S)$ fulfils the above conditions and $\alpha \in S$.

For all systems $\mathcal{J}(T_0, T'_0, S_0, \mathcal{B})$ the set of judgments is the same and consists of all the items of one of the three above forms.

2.4 Basis

We call basis every finite set

$\mathcal{B} \subseteq \mathbf{T} \times \mathbf{T}$.

2.5 Axioms

$\mathcal{J}(T_0, T'_0, S_0, \mathcal{B})$ has a single axiom:

$0 \models (T_0, T'_0, S_0)$

2.6 Deduction rules

All the systems $\mathcal{J}(T_0, T'_0, S_0, \mathcal{B})$ have the set of rules described on page 22 of [Jan10]. We name them R1, R2, ..., R10, the number corresponding to the one in the text. Note that R7 depends on the basis $\mathcal{B}$.

2.7 Proofs

Let $T_0, T'_0 \in \mathbf{T}$. A proof of $T_0 \sim T'_0$ within the family of formal systems defined above is a finite basis $\mathcal{B}$, together with, for each $(T, T') \in \mathcal{B} \cup \{(T_0, T'_0)\}$, a finite prefix of D-strategy $S$ w.r.t. $(T, T')$ and a proof, within the system $\mathcal{J}(T, T', S, \mathcal{B})$, of the judgment

$0 \models (T, T', S) \leadsto (\varepsilon, \varepsilon) \models \mathrm{SUCC}$.

3 The Equivalence proof

We exhibit here a proof of

$A(\bot) \sim B(\bot)$.

According to the above notion of proof, it consists of the following items.
Basis:

$\mathcal{B} := \{(C(L_1), C(L_1)), (D(L_1), D(L_1)), (E(L_1), E(L_1))\}$.

Proofs:

— a proof of the judgment $0 \models A(\bot), B(\bot), S \leadsto (\varepsilon, \varepsilon) \models \mathrm{SUCC}$ in the formal system $\mathcal{J}(A(\bot), B(\bot), S, \mathcal{B})$ (see $\pi_3$).

— a proof of the judgment $0 \models C(L_1), C(L_1), \mathrm{Id}_{C,1} \leadsto (\varepsilon, \varepsilon) \models \mathrm{SUCC}$ in the formal system $\mathcal{J}(C(L_1), C(L_1), \mathrm{Id}_{C,1}, \mathcal{B})$ (see $\pi_4$).

— a proof of the judgment $0 \models D(L_1), D(L_1), \mathrm{Id}_{D,2} \leadsto (\varepsilon, \varepsilon) \models \mathrm{SUCC}$ in the formal system $\mathcal{J}(D(L_1), D(L_1), \mathrm{Id}_{D,2}, \mathcal{B})$ (see $\pi_5$).

— a proof of the judgment $0 \models E(L_1), E(L_1), \mathrm{Id}_{E,2} \leadsto (\varepsilon, \varepsilon) \models \mathrm{SUCC}$ in the formal system $\mathcal{J}(E(L_1), E(L_1), \mathrm{Id}_{E,2}, \mathcal{B})$ (see $\pi_6$).



Figure 1. The proof $\pi_1$ (derivation tree; the recoverable judgments are, from the axiom $0 \models A(\bot), B(\bot), S$: $H(A,B) \leadsto (y, x) \models C(\bot), C(\bot), S_1$; $H(A,B) \leadsto (xx, yx) \models A''(\bot), B''(\bot), S_4$; $H(A,B) \leadsto (x^3, yx^2) \models E(\bot), E(\bot), S_6$ (R7); $H(A,B) \leadsto (x^3, yx^2) \models \mathrm{SUCC}$; $H(A,B) \leadsto (x^2, yx) \models \mathrm{SUCC}$; conclusion $0 \models A(\bot), B(\bot), S \leadsto (x, y) \models \mathrm{SUCC}$.)

Figure 2. The proof $\pi_2$ (derivation tree; from the axiom $0 \models A(\bot), B(\bot), S$ through $0 \models A(\bot), B(\bot), S \leadsto (y, x) \models C(\bot), C(\bot), S_1$ to the conclusion $0 \models A(\bot), B(\bot), S \leadsto (y, x) \models \mathrm{SUCC}$.)

Figure 3. The proof $\pi_3$ (derivation tree; from $\pi_1$ and $\pi_2$, i.e. $H(A,B) \leadsto (x, y) \models \mathrm{SUCC}$ and $H(A,B) \leadsto (y, x) \models \mathrm{SUCC}$, to the conclusion $0 \models A(\bot), B(\bot), S \leadsto (\varepsilon, \varepsilon) \models \mathrm{SUCC}$.)

where $H(A,B)$ stands for $0 \models A(\bot), B(\bot), S$.

Proof $\pi_2$: where $H(C,C)$ stands for $0 \models C(L_1), C(L_1), \mathrm{Id}_{C,1}$.

In the above proofs the following defender strategies (or prefixes of strategies) were used (in fact, they can be deduced from the proofs):
Let

$\bar{S} := \{(yx, xy), (yy, xx), (xxx, yxx)\}$.

For every subset $Z$ of $(\mathcal{A} \times \mathcal{A})^*$, by $\mathrm{PREF}(Z)$ we denote its set of prefixes.
We define

$V := \mathrm{PREF}(\bar{S})$

namely:

$V = \{(\varepsilon, \varepsilon), (y, x), (yx, xy), (yy, xx), (x, y), (xx, yx), (xxx, yxx)\}$

Finally, we define $S$ as the subset of $(\mathcal{R} \times \mathcal{R})^*$ obtained by replacing, in $V$, every 2-tuple $(u, v) \in (\mathcal{A} \times \mathcal{A})^*$ by the unique 2-tuple $(r_u, r_v) \in (\mathcal{R} \times \mathcal{R})^*$ such that $r_u$ (resp. $r_v$) is applicable on $A$ (resp. on $B$), $\mathrm{LAB}_{\mathcal{T}}(r_u) = u$ and $\mathrm{LAB}_{\mathcal{T}}(r_v) = v$. Namely:

$S = \{(\varepsilon, \varepsilon), (r_1, r_2), (r_1 r_5, r_2 r_6), (r_1 r_6, r_2 r_5), (r_2, r_1), (r_2 r_7, r_1 r_8), (r_2 r_7 r_9, r_1 r_8 r_{10})\}$.



Figure 4. The proof $\pi_4$ (derivation tree; from two copies of the axiom $0 \models C(L_1), C(L_1), \mathrm{Id}_{C,1}$ through $H(C,C) \leadsto (x, x) \models D(L_1), D(L_1), \mathrm{Id}_{C,0}$ and $H(C,C) \leadsto (y, y) \models E(L_1), E(L_1), \mathrm{Id}_{C,0}$, then $H(C,C) \leadsto (x, x) \models \mathrm{SUCC}$ and $H(C,C) \leadsto (y, y) \models \mathrm{SUCC}$, to the conclusion $0 \models C(L_1), C(L_1), \mathrm{Id}_{C,1} \leadsto (\varepsilon, \varepsilon) \models \mathrm{SUCC}$.)

Figure 5. The proof $\pi_5$ (derivation tree; from the axiom $0 \models D(L_1), D(L_1), \mathrm{Id}_{D,2}$ through $0 \models D(L_1), D(L_1), \mathrm{Id}_{D,2} \leadsto (x, x) \models L_1, L_1, \mathrm{Id}_{D,1}$ and $0 \models D(L_1), D(L_1), \mathrm{Id}_{D,2} \leadsto (x\ell_1, x\ell_1) \models \bot, \bot, \mathrm{Id}_{D,0}$, then $\leadsto (x\ell_1, x\ell_1) \models \mathrm{SUCC}$ (R8) and $\leadsto (x, x) \models \mathrm{SUCC}$, to the conclusion $0 \models D(L_1), D(L_1), \mathrm{Id}_{D,2} \leadsto (\varepsilon, \varepsilon) \models \mathrm{SUCC}$.)

Figure 6. The proof $\pi_6$ (derivation tree; from two copies of the axiom $0 \models E(L_1), E(L_1), \mathrm{Id}_{E,2}$ through $H(E,E) \leadsto (x, x) \models L_1, L_1, \mathrm{Id}_{E,1}$ and $H(E,E) \leadsto (z, z) \models L_1, L_1, \mathrm{Id}_{E,1}$, then $H(E,E) \leadsto (x\ell_1, x\ell_1) \models \bot, \bot, \mathrm{Id}_{E,0}$ and $H(E,E) \leadsto (z\ell_1, z\ell_1) \models \bot, \bot, \mathrm{Id}_{E,0}$, then $\leadsto (x\ell_1, x\ell_1) \models \mathrm{SUCC}$ and $\leadsto (z\ell_1, z\ell_1) \models \mathrm{SUCC}$, then $H(E,E) \leadsto (x, x) \models \mathrm{SUCC}$ and $H(E,E) \leadsto (z, z) \models \mathrm{SUCC}$ (R8), to the conclusion $0 \models E(L_1), E(L_1), \mathrm{Id}_{E,2} \leadsto (\varepsilon, \varepsilon) \models \mathrm{SUCC}$.)



(See Figures 1-6.)
Subsequently:

$S_1 = \{(\varepsilon, \varepsilon), (r_5, r_6), (r_6, r_5)\}$

$S_2 = \{(\varepsilon, \varepsilon)\}$

$S_3 = \{(\varepsilon, \varepsilon), (r_7, r_8), (r_7 r_9, r_8 r_{10})\}$

$S_4 = \{(\varepsilon, \varepsilon), (r_9, r_{10})\}$

$S_5 = \{(\varepsilon, \varepsilon)\}$

$S_6 = \mathrm{INDSTR}(\ldots, S_5) = \ldots^{-1} S_5$

Lemma 5. $S$ is a prefix of D-strategy w.r.t. $(A(\bot), B(\bot))$.

Proof: Let us check that $S$ fulfills the criterion given by Lemma 3. Here $n = 3$. Point (1) is easily checked.

Let $\beta \in (\mathcal{R} \times \mathcal{R})^*$ such that $\beta \backslash S = \{(\varepsilon, \varepsilon)\}$. Either $\mathrm{NEXT}((A, B), \beta) \in \{(D, E), (E, D)\}$ (while $D \not\sim_1 E$) or $|\beta| = 3$. Hence Point (2) holds. □

For proving the equivalences of the members of the basis we shall use the "trivial" prefixes of strategies, consisting of 2-tuples of identical rules on both sides:

$\mathrm{Id}_{C,1} := \{(\varepsilon, \varepsilon), (r_5, r_5), (r_6, r_6)\}$

$\mathrm{Id}_{D,2} := \{(\varepsilon, \varepsilon), (r_{11}, r_{11}), (r_{11} r_{14}, r_{11} r_{14})\}$

$\mathrm{Id}_{E,2} := \{(\varepsilon, \varepsilon), (r_{12}, r_{12}), (r_{13}, r_{13}), (r_{12} r_{14}, r_{12} r_{14}), (r_{13} r_{14}, r_{13} r_{14})\}$.
Figure 7. The strategy $S$ viewed on $\mathcal{T}$ (tree with root $(A, B)$; children $(C, C)$ and $(A', B')$; $(C, C)$ leads to $(D, E)$ and $(E, D)$; $(A', B')$ leads to $(A'', B'')$, which leads through $(x, x)$ to $(D, E)$).
One can check that $\mathrm{Id}_{C,1}$ is a prefix of the strategy for the game with initial position $(C, C)$.

The set $\mathrm{Id}_{D,2}$ (resp. $\mathrm{Id}_{E,2}$) is really a strategy for the game with initial position $(D, D)$ (resp. $(E, E)$), since no rule $r_i$ is applicable on $\bot$. For every $N \in \{C, D, E\}$, the symbol $\mathrm{Id}_{N,i}$ will denote a residual of length $i$ of the strategy $\mathrm{Id}_{N,n}$:

$\mathrm{Id}_{C,0} = \mathrm{Id}_{D,0} = \mathrm{Id}_{E,0} = \{(\varepsilon, \varepsilon)\}$

$\mathrm{Id}_{D,1} = \mathrm{Id}_{E,1} = \{(\varepsilon, \varepsilon), (r_{14}, r_{14})\}$

4 The Non-equivalence (meta-)proof

Lemma 6. $A(\bot) \not\sim B(\bot)$
Proof:

$\forall u \in \mathcal{R}^*$, $\mathrm{ACT}(u) = aaab \Rightarrow A(\bot) \not\xrightarrow{u}$

while

$\exists u \in \mathcal{R}^*$, $\mathrm{ACT}(u) = aaab$ and $B(\bot) \xrightarrow{u}$

hence $A(\bot) \not\sim B(\bot)$. □
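The grammar of Section 1 and the trace argument of Lemma 6, as an added Python example that is not part of the original paper: it encodes the fourteen rules and the map ACT, enumerates the action words enabled from $A(\bot)$ and $B(\bot)$, lists the rule sequences $u$ with $\mathrm{ACT}(u) = aaab$ (none from $A(\bot)$, exactly one from $B(\bot)$), and computes the equivalence level by playing the $k$-round bisimulation game, which gives the value 3 used in Section 6 and confirms $D \not\sim_1 E$ from Lemma 5. The tuple encoding of terms and the function names `successors`, `action_words`, `rule_sequences`, `bisimilar_up_to` and `eq_level` are assumptions of this example; the rule table itself is taken from the page.

```python
# Added example: the first-order grammar G of Section 1 as a labelled
# transition system over terms, with the checks behind Lemma 6 and the
# equivalence level EqLv(A(⊥), B(⊥)) = 3 quoted in Section 6.
# Encoding (an assumption of this example): a term N(v) is the tuple (N, v)
# with v in {"⊥", "L1"}; the nullary terms are ("L1",) and ("⊥",).

# The fourteen rules of the page: (name, left-hand nonterminal, label in T,
# right-hand side). A right-hand side of None means "the argument v itself".
RULES = [
    ("r1", "A", "y", "C"),    ("r2", "A", "x", "A'"),
    ("r3", "B", "x", "C"),    ("r4", "B", "y", "B'"),
    ("r5", "C", "x", "D"),    ("r6", "C", "y", "E"),
    ("r7", "A'", "x", "A''"), ("r8", "B'", "x", "B''"),
    ("r9", "A''", "x", "D"),  ("r10", "B''", "x", "E"),
    ("r11", "D", "x", None),  ("r12", "E", "x", None),
    ("r13", "E", "z", None),  ("r14", "L1", "l1", "⊥"),
]
# LAB_A: labels in T -> actions in A ("l1" stands for the letter ℓ1).
LAB_A = {"x": "a", "y": "a", "z": "b", "l1": "l1"}
# ACT(r_i) = LAB_A(LAB_T(r_i)): r1..r12 -> a, r13 -> b, r14 -> ℓ1.
ACT = {name: LAB_A[label] for name, _, label, _ in RULES}


def successors(term):
    """All (rule, ACT(rule), term') with term --rule--> term' in G."""
    head, *args = term
    out = []
    for name, lhs, label, rhs in RULES:
        if lhs != head:
            continue
        if head == "L1":            # rule r14: the nullary symbol L1 -> ⊥
            new = ("⊥",)
        elif rhs is None:           # N(v) -> v
            new = (args[0],)
        else:                       # N(v) -> N'(v)
            new = (rhs, args[0])
        out.append((name, ACT[name], new))
    return out


def action_words(term, length):
    """Words over A (as tuples) of exactly `length` actions enabled from term."""
    if length == 0:
        return {()}
    return {(act,) + w
            for _, act, nxt in successors(term)
            for w in action_words(nxt, length - 1)}


def rule_sequences(term, word):
    """All u in R* enabled from term with ACT(u) == word (witnesses for Lemma 6)."""
    if not word:
        return [()]
    return [(rule,) + u
            for rule, act, nxt in successors(term) if act == word[0]
            for u in rule_sequences(nxt, word[1:])]


def bisimilar_up_to(p, q, k):
    """p ~_k q: the defender can answer every attacker move for k rounds."""
    if k == 0:
        return True
    sp, sq = successors(p), successors(q)
    left_answered = all(any(a == b and bisimilar_up_to(p2, q2, k - 1)
                            for _, b, q2 in sq) for _, a, p2 in sp)
    right_answered = all(any(a == b and bisimilar_up_to(p2, q2, k - 1)
                             for _, a, p2 in sp) for _, b, q2 in sq)
    return left_answered and right_answered


def eq_level(p, q, bound=20):
    """Largest k <= bound with p ~_k q (bound itself when the pair is bisimilar)."""
    k = 0
    while k < bound and bisimilar_up_to(p, q, k + 1):
        k += 1
    return k


if __name__ == "__main__":
    A, B = ("A", "⊥"), ("B", "⊥")
    AAAB = ("a", "a", "a", "b")
    print("words of length 4 from A(⊥):", sorted(action_words(A, 4)))
    print("words of length 4 from B(⊥):", sorted(action_words(B, 4)))
    print("u with ACT(u) = aaab from A(⊥):", rule_sequences(A, AAAB))
    print("u with ACT(u) = aaab from B(⊥):", rule_sequences(B, AAAB))
    print("EqLv(A(⊥), B(⊥)) =", eq_level(A, B))
```

Every term reachable from $A(\bot)$ or $B(\bot)$ is of the form $N(\bot)$, $L_1$ or $\bot$ and the grammar has no cycles, so the recursion in `bisimilar_up_to` always terminates; for a bisimilar pair `eq_level` simply returns its bound, so the bound is the only parameter to adjust when a deeper grammar (such as the $D_1, \ldots, D_k$ variant of Section 5) is encoded in the same table.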

From Section 3 and Lemma 6 we conclude

Theorem 1. The family of formal systems $(\mathcal{J}(T_0, T'_0, S_0, \mathcal{B}))$ is not sound.

5 Variations 

Let us describe variations around this example. 
Figure 8. The strategy $S$ (the same tree as Figure 7 with rule pairs on the edges; root $(A, B)$; $(D, E)$, $(E, D)$ and $(A'', B'')$ at depth 2; $(A'', B'')$ leads through $(r_9, r_{10})$ to $(D, E)$).

Description of the proofs

We chose to write the proofs with judgments of the form $m \models (T, T', S)$ or $m \models (T, T', S) \leadsto \alpha \models (T_1, T'_1, S_1)$ or $m \models (T, T', S) \leadsto \alpha \models \mathrm{SUCC}$, where, in the case of forms 2 and 3, the prefix $\alpha$ is given by its image under the map $\mathrm{LAB}_{\mathcal{T}}$ (its image is enough to determine $\alpha \in (\mathcal{R} \times \mathcal{R})^*$ just because the grammar is deterministic). Of course the proofs can be rewritten with prefixes $\alpha \in (\mathcal{R} \times \mathcal{R})^*$.

Strategies

The formal systems $\mathcal{J}(T_0, T'_0, S_0, \mathcal{B})$ described in subsection 2.2 were devised so that their set of judgments is recursive. Let us consider now the formal systems $\mathcal{J}(T_0, T'_0, S_0, \mathcal{B})$ really considered in pages 21-24. Their judgments are also of the forms

$m \models (T, T', S)$, $\quad m \models (T, T', S) \leadsto \alpha \models (T_1, T'_1, S_1)$, $\quad m \models (T, T', S) \leadsto \alpha \models \mathrm{SUCC}$

but where $S, S_1$ are D-strategies (instead of finite prefixes of strategies), "except when a judgment is obtained by rule R2": see the fuzzy remark on page 23, line 11, followed by the enigmatic remark that "we could complete the definition anyhow for such cases". Since $S, S_1, S_2, S_3, S_4, S_5, \mathrm{Id}_{D,2}, \mathrm{Id}_{E,2}$ are really D-strategies and $S_6$ is obtained by an application of rule R2, it seems that our proofs $\pi_3, \pi_5, \pi_6$ are also proofs in the systems $\mathcal{J}(T_0, T'_0, S_0, \mathcal{B})$. As well, replacing $\mathrm{Id}_{C,1}$ by $\mathrm{Id}_{C,\infty}$ in $\pi_4$, we obtain a proof of the judgment $0 \models (C(L_1), C(L_1), \mathrm{Id}_{C,\infty}) \leadsto (\varepsilon, \varepsilon) \models \mathrm{SUCC}$ in the system $\mathcal{J}(C(L_1), C(L_1), \mathrm{Id}_{C,\infty}, \mathcal{B})$.

Depth of the examples

One can devise such proofs of non-bisimilar pairs with an arbitrarily long initial strategy: it suffices to add non-terminals $D_1, D_2, \ldots, D_k, E_1, E_2, \ldots, E_k$ and to replace rules (11), (12), (13), (14) by the sequence of rules:

$D(v) \xrightarrow{x} D_1(v)$ (15)
$E(v) \xrightarrow{x} E_1(v)$ (16)
$D_1(v) \xrightarrow{x} D_2(v)$ (17)
$E_1(v) \xrightarrow{x} E_2(v)$ (18)
$D_k(v) \xrightarrow{x} v$ (19)
$E_k(v) \xrightarrow{x} v$ (20)
$E_k(v) \xrightarrow{z} v$ (21)
$L_1 \xrightarrow{\ell_1} \bot$ (22)

A proof of $0 \models A(\bot), B(\bot), S \leadsto (\varepsilon, \varepsilon) \models \mathrm{SUCC}$ can still be written, but with a longer initial strategy $S$ where the maximal length of words is $3 + k$, and a prefix of strategy $S_6$ of length $k$. Note that the sizes of the proofs $\pi_3, \pi_4, \pi_5, \pi_6$ still remain the same.

6 The flawed argument

Let us locate precisely, in [Jan10], the crucial flawed argument in favor of soundness of the systems.

Page 24, line −4, the following assertion (FA) is written:

"The final rule in deriving $m \models (U, U', S') \leadsto (\varepsilon, \varepsilon) \models \mathrm{SUCC}$ could not be the Basis rule, due to the least eq-level assumption for $T, T'$ (recall Prop. 17)".

In our example:

$(T, T') = (A(\bot), B(\bot))$, $\quad \mathrm{EqLv}(A(\bot), B(\bot)) = 3$

Let us take

$(U, U', S') = (E(\bot), E(\bot), S_6)$

We have:

$\mathrm{EqLv}(U, U', S') = 0 = \mathrm{EqLv}(T, T', S) - 3$

And the judgment

$3 \models E(\bot), E(\bot), S_6 \leadsto (\varepsilon, \varepsilon) \models \mathrm{SUCC}$

can be derived by the proof $\pi_7$ below. Hence $(T, T')$ has the least equivalence level among the EqLevels of the elements of $\{(T, T')\} \cup \mathcal{B}$, while $m, U, U'$ fulfil the maximality hypothesis of the text (line −7).

But the final rule used in this proof is the basis rule (R7), contradicting the assertion (FA).
The bug seems to be the following: by Proposition 17

$\mathrm{EqLv}(E(L_1), E(L_1)) \le \mathrm{EqLv}(E(\bot), E(\bot))$ (23)
Figure 9. The proof $\pi_7$ (derivation tree; the recoverable judgments are, from the axiom $0 \models A(\bot), B(\bot), S$: $H(A,B) \leadsto (x, y) \models A'(\bot), B'(\bot), S_3$; $H(A,B) \leadsto (y, x) \models C(\bot), C(\bot), S_1$; $H(A,B) \leadsto (xx, yx) \models A''(\bot), B''(\bot), S_4$; $H(A,B) \leadsto (yx, xy) \models D(\bot), E(\bot), S_2$; $H(A,B) \leadsto (x^3, yx^2) \models D(\bot), E(\bot), S_5$; $0 \models A(\bot), B(\bot), S \leadsto (x^3, yx^2) \models E(\bot), E(\bot), S_6$; $3 \models E(\bot), E(\bot), S_6$; $3 \models E(\bot), E(\bot), S_6 \leadsto (\varepsilon, \varepsilon) \models E(\bot), E(\bot), S_6$; conclusion, by R7, $3 \models E(\bot), E(\bot), S_6 \leadsto (\varepsilon, \varepsilon) \models \mathrm{SUCC}$.)

BUT

$\mathrm{EqLv}(E(L_1), E(L_1)) > \mathrm{EqLv}(E(\bot), E(\bot), S_6)$ ! (24)

A superficial look at the instance (23) of Proposition 17 can induce the idea that, for every D-strategy $S$ (in particular for $S_6$), the inequality

$\mathrm{EqLv}(E(L_1), E(L_1)) \le \mathrm{EqLv}(E(\bot), E(\bot), S)$ (25)

holds. In fact, what Proposition 17 shows is that inequality (25) does hold, but only for strategies $S$ which are optimal for the defender, hence realizing exactly the equivalence level of $(E(\bot), E(\bot))$.